version: '3.4'
services:
  traefik:
    image: traefik:2.5.3
    container_name: traefik
    restart: always
    command:
      - "--api=true"
      - "--providers.docker=true"
      - "--providers.docker.network=${COMPOSE_PROJECT_NAME}_web"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"

      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"

      - "--certificatesresolvers.traefik.acme.email=${ACME_EMAIL:?lost ACME_EMAIL variable}"
      - "--certificatesresolvers.traefik.acme.storage=/lets_encrypt/acme.json"
      - "--certificatesresolvers.traefik.acme.httpchallenge.entrypoint=web"
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`traefik.${DOMAIN:?lost DOMAIN variable}`)
      - traefik.http.routers.api.service=api@internal
      - traefik.http.middlewares.ip-white.ipwhitelist.sourcerange=${IP_FILTER:-0.0.0.0/0}
      - traefik.http.routers.api.middlewares=ip-white,auth
      - traefik.http.middlewares.auth.basicauth.users=${HT_PASSWD:?lost HT_PASSWD variable}
      - traefik.http.routers.api.tls.certresolver=traefik
      - traefik.http.routers.api.tls=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - lets_encrypt:/lets_encrypt
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - web

  minio:
    image: minio/minio:RELEASE.2022-02-07T08-17-33Z
    container_name: minio
    restart: always
    volumes:
      - ${DATA_FOLDER:?lost DATA_FOLDER variable}:/data
    environment:
      - MINIO_REGION_NAME=${REGION:?lost REGION variable}
      - MINIO_ROOT_USER=${ACCESS_KEY:?lost ACCESS_KEY variable}
      - MINIO_ROOT_PASSWORD=${SECRET_KEY:?lost SECRET_KEY variable}
      - MINIO_API_CORS_ALLOW_ORIGIN=${CORS_ALLOW_ORIGIN:-''}
    command: server /data --address :9000 --console-address :9001
    labels:
      - traefik.enable=true

      - traefik.http.services.minio.loadbalancer.server.port=9001
      - traefik.http.routers.minio.service=minio
      - traefik.http.routers.minio.rule=Host(`console.${DOMAIN:?lost DOMAIN variable}`)
      - traefik.http.routers.minio.tls.certresolver=traefik
      - traefik.http.routers.minio.tls=true
      - traefik.http.middlewares.ip-white-s3.ipwhitelist.sourcerange=${IP_FILTER:-0.0.0.0/0}
      - traefik.http.routers.minio.middlewares=ip-white-s3

      - traefik.http.services.s3.loadbalancer.server.port=9000
      - traefik.http.routers.s3.rule=Host(`${DOMAIN:?lost DOMAIN variable}`)
      - traefik.http.middlewares.s3_proxy.headers.customrequestheaders.Host=minio:9000
      - traefik.http.middlewares.s3_proxy.headers.hostsProxyHeaders=Host
      - traefik.http.routers.s3.tls.certresolver=traefik
      - traefik.http.routers.s3.tls=true
      - traefik.http.routers.s3.middlewares=s3_proxy
      - traefik.http.routers.s3.service=s3
    networks:
      - web

networks:
  web:
    driver: bridge

volumes:
  lets_encrypt:
